CVE-2018-2446

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
sapbusinessobjects_business_intelligence
4.1
sapbusinessobjects_business_intelligence
4.2
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/105089
https://launchpad.support.sap.com/#/notes/2633846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742
http://www.securityfocus.com/bid/105089
https://launchpad.support.sap.com/#/notes/2633846
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499352742